Description:
Defcom Labs discovered a vulnerability in Gordano's NTMail e-mail server that could allow a remote user to cause the mail server's web services to crash.

In Defcom Labs Advisory def-2001-13, it is reported that the web services on TCP ports 8000 and 9000 are both vulnerable to a "LongURL attack". Sending a URL request larger than 255 characters will crash the service.

A crash will reportedly take down the services listening on TCP ports: 8000 (NTMail configuration), 8025, 8080, 8888 and 9000 (GLWebMail).

Impact:
Any remote user can cause the web services (but not the mail server itself) to crash.
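
The long-URL condition described above can be watched for in request logs. The following detection sketch is an added example, not part of the Defcom advisory or of Gordano's software. It assumes a proxy or sensor in front of NTMail writes Common Log Format lines prefixed with the destination port, and that the 255-character limit applies to the request URL; the log layout, function name and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

LIMIT = 255                   # advisory: requests larger than this crash the service
LONGURL_PORTS = {8000, 9000}  # listeners the advisory reports as vulnerable

# Assumed layout (constructed): destination port, then Common Log Format.
LINE_RE = re.compile(
    r'^(?P<port>\d+) (?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}|-)'
)

def find_long_url_requests(lines, limit=LIMIT, ports=LONGURL_PORTS):
    """Return {source: [(timestamp, port, url_length), ...]} for over-limit requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        port, length = int(m["port"]), len(m["target"])
        # Assumption: the limit is measured on the request target (the URL).
        if port in ports and length > limit:
            hits[m["src"]].append((m["ts"], port, length))
    return dict(hits)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '8000 192.0.2.10 - - [20/Mar/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '9000 198.51.100.7 - - [20/Mar/2001:10:00:05 +0000] "GET /' + "A" * 300 + ' HTTP/1.0" - 0',
    # Boundary case: exactly 255 characters is not "larger than 255".
    '8000 198.51.100.7 - - [20/Mar/2001:10:00:09 +0000] "GET /' + "A" * 254 + ' HTTP/1.0" 200 100',
    # Long URL, but on a port the advisory does not list.
    '80 203.0.113.5 - - [20/Mar/2001:10:00:12 +0000] "GET /' + "A" * 400 + ' HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for src, events in find_long_url_requests(SAMPLE_LOG).items():
        for ts, port, length in events:
            print(f"{ts} {src} -> port {port}: {length}-character URL")
```

A flagged request followed by the listeners on 8000, 8025, 8080, 8888 and 9000 going silent matches the crash behaviour the advisory describes.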

======================================================================
Defcom Labs Advisory def-2001-13
NTMail Web Services DoS
Release Date: 2001-03-20
======================================================================
------------------------=[Brief Description]=-------------------------
NTMail's web services contain a flaw that could allow a malicious
attacker to crash the web services using a malformed URL.
------------------------=[Affected Systems]=--------------------------
- NTMail V6.0.3c for Windows NT/2000
----------------------=[Detailed Description]=------------------------
It appears that while fixing another URL related problem, Gordano
accidentally introduced a new one. The web services on TCP ports 8000
and 9000 are both vulnerable to a "LongURL attack". That means that a
request larger than 255 characters will crash the service.
A crash will take down the services listening on TCP ports:
8000 (NTMail configuration), 8025, 8080, 8888 and 9000 (GLWebMail).
---------------------------=[Workaround]=-----------------------------
Install the patch located at:
ftp://ftp.gordano.com/ntmail6/hotfixes/ntmail6C_Intel_20010317.zip
-------------------------=[Vendor Response]=--------------------------
This issue was brought to the vendor's attention on the 9th of
March, 2001 and a patch was released by the vendor on the 17th
of March 2001.
======================================================================
This release was brought to you by Defcom Labs
labs@defcom.com www.defcom.com
======================================================================